{"id":25000882,"url":"https://github.com/schaffung/duplcertdetect","last_synced_at":"2025-03-29T19:14:02.369Z","repository":{"id":144098147,"uuid":"340035278","full_name":"schaffung/duplCertDetect","owner":"schaffung","description":"Detecting duplicate certs before enabling ssl in glusterfs","archived":false,"fork":false,"pushed_at":"2021-02-18T12:14:05.000Z","size":18,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-02-04T19:51:32.313Z","etag":null,"topics":["glusterd","glusterfs","ssl-certificate"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/schaffung.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-02-18T11:56:00.000Z","updated_at":"2021-02-18T12:14:07.000Z","dependencies_parsed_at":null,"dependency_job_id":"a84f0120-bbac-43cc-ae3b-13327eec071e","html_url":"https://github.com/schaffung/duplCertDetect","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schaffung%2FduplCertDetect","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schaffung%2FduplCertDetect/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schaffung%2FduplCertDetect/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schaffung%2FduplCertDetect/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/schaffung","download_url":"https://codeload.github.com/schaffung/duplCertDetect/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246230541,"owners_count":20744349,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["glusterd","glusterfs","ssl-certificate"],"created_at":"2025-02-04T19:51:30.118Z","updated_at":"2025-03-29T19:14:02.363Z","avatar_url":"https://github.com/schaffung.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# duplCertDetect\nDetecting duplicate certs before enabling ssl in glusterfs\n\nFor those who have been using glusterfs for sometime now, enabling and using SSL starts with the process of certificate creation.\nNow this can be either a self signed certificate, i.e. you create your own certs for the nodes and combine the certs to create\na glusterfs.ca ( basically appending all the public certs of nodes into a file ), or derive your certs from a root CA following\nthe process of certificate signing etc, etc.\n\nThis python script is basically concerned about the method 1, wherein we create self signed certificates. Due to human error \nor an issue with the algorithm being used to concatenate the certs into a .ca file ( which again is technically human error only\nas it was a human who wrote the code ), there might be a duplicate entry of a certificate or two.\n\nThis duplicate entry would lead to some grave issues when one goes ahead and enables the ssl in glusterfs and one might look into\nan error of the form -\u003e [2021-02-18 11:11:11.12312] E [socket.c:246:ssl_dump_error_stack] 0-socket.management:   error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table\n\nWhich actually implies a duplicate entry inside the glusterfs.ca.\n\nThis script is about taking a pre-emptive approach and checking the glusterfs.ca for any existing duplicates inside them. ( I'd suggets using ansible\nto run this script in all nodes and get the result to check if everything is well and good before enabling the ssl option ).\n\nTo run the script one just needs to give the path to the glusterfs.ca\n`python3 dupl_cert.py \u003cpath_to_glusterfs.ca\u003e`\n\nIf there are any duplicate entries, the script will dump those public keys.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fschaffung%2Fduplcertdetect","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fschaffung%2Fduplcertdetect","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fschaffung%2Fduplcertdetect/lists"}